Welcome to Echoing the Sound. You'll find that quite a few things have changed here since the last iteration of the board so be sure to check out the FAQ. This is a completely fresh start - You'll need to register before you can post: click the register link above to proceed (and look for the registration email in your spam folder). To start viewing messages, select the forum that you want to visit from the selection below.

wikileaks year zero vault 7 - CIA hacking files

"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.

Does it make me sound like a crazy conspiracy theorist to wonder if WL didn't time this to help turn public opinion against the intelligence committee and thus make people think that anything damning they say about 45 and Russia is either false, politically motivated, or both?

If you are going to read anything about the dump today, read the direct wikileaks press release that allegro linked to. The press is primarily rehashing the release and shitting all over themselves with stupidly wrong things like "Signal is broken!"

standout items getting press: Has spy tools for every smartphone and major computer OS, even the mics on your smart TVs.

standout items NOT getting press: CIA has been secretly paying to keep public insecure. They were working to infect car control systems (assassinations?). CIA has a large library of weapons that leave the "fingerprints" of other groups, including.... yes... Russia.

Does it make me sound like a crazy conspiracy theorist to wonder if WL didn't time this to help turn public opinion against the intelligence committee and thus make people think that anything damning they say about 45 and Russia is either false, politically motivated, or both?

Does it make me sound like a crazy conspiracy theorist to wonder if WL didn't time this to help turn public opinion against the intelligence committee and thus make people think that anything damning they say about 45 and Russia is either false, politically motivated, or both?

Or, that Obama didn't need to order any "wiretaps" as the CIA has been spying on American citizens since shortly after 9/11.

it's worth pointing out the decryption passphrase on the wikileaks dump (SplinterItIntoAThousandPiecesAndScatterItIntoTheW inds) is a reference to a quote by JFK about the CIA a month before his assassination.

it's worth pointing out the decryption passphrase on the wikileaks dump (SplinterItIntoAThousandPiecesAndScatterItIntoTheW inds) is a reference to a quote by JFK about the CIA a month before his assassination.

It goes way beyond that. Read the "How the CIA dramatically increased proliferation risks" portion of the wikileaks release.

They lay out an interesting legal dilemma, which I don't know if its true or not. But basically the way the CIA created & used the tools on the internet would have violated classification rules... IF the tools were classified. So they didn't classify the tools. So that means anyone can use those tools and even the US Gov can't claim ownership/copyright.

yea, it may just be a little flourish from Assange wanting to stick it to the CIA. Or it could be more... like a hint that Assange thinks the CIA is doing dirty high stakes political stuff again... or... or...

I wouldn't be surprised if the CIA were involved pretty heavily in Hillary losing the election, or with trying to fuck Trump over right now, or really anything.

To loop it back to this thread, Trump does have power to start going after the CIA. With all his talk about them, lets see if this dump gives him any motivation. It'll probably be just more bullshit comments pointing at some media coverage and saying "see, they are dirty! can't be trusted"

It goes way beyond that. Read the "How the CIA dramatically increased proliferation risks" portion of the wikileaks release.

They lay out an interesting legal dilemma, which I don't know if its true or not. But basically the way the CIA created & used the tools on the internet would have violated classification rules... IF the tools were classified. So they didn't classify the tools. So that means anyone can use those tools and even the US Gov can't claim ownership/copyright.

you would be surprised at the amount of NDA's and legal document's security research teams and pen-testers have to sign to even look at a system or face prosecution there are also disclosure agreements, that also state all findings must be disclosed to affected parties or face prosecution
-louie

Trump 2017: Year Zero

Originally Posted by Louie_Cypher

you would be surprised at the amount of NDA's and legal document's security research teams and pen-testers have to sign to even look at a system or face prosecution there are also disclosure agreements, that also state all findings must be disclosed to affected parties or face prosecution
-louie

Very aware. Pentest scoping and legal engagement rules are a pain. But that has little to do with the CIA.

CIA has tools that don't fit classification models easily. More importantly, they are categorizing all these tools as "weapons" which makes little sense when shoved into existing arms rules.

Very aware. Pentest scoping and legal engagement rules are a pain. But that has little to do with the CIA.

CIA has tools that don't fit classification models easily. More importantly, they are categorizing all these tools as "weapons" which makes little sense when shoved into existing arms rules.

i would agree i would like to know more about importantly, they are categorizing all these tools as "weapons"i can still download free versions of Kali, burp suite, wire shark and python IDE, are these "weapons"?
just curious
-Louie

what i was trying to say a lot of the "weapons" stated in the wiki-leaks, were pre-existing tools for security researchers. pen-testers, and no more a weapon then a pipe wrench, but then again i would not want to be smacked up-side my noggin with a pipe wrench
-Louie

Very aware. Pentest scoping and legal engagement rules are a pain. But that has little to do with the CIA.

CIA has tools that don't fit classification models easily. More importantly, they are categorizing all these tools as "weapons" which makes little sense when shoved into existing arms rules.

But, cyber is a (potential) weapon. It's the modern way to destroy. Look what we (shhhhh) did to Iran's nuclear power plants, repeatedly. Look what China did with our OPM database. Look what could happen if our grid was hit, or if bank networks were hit (taking out all our access to our money in a cashless society). This is espionage (it IS the CIA, not the FBI) but cyber weapons have the intent not only to obtain intel but also the desire to neutralize a threat. I'm not sure everybody follows rules. All of this, of course, is dependent on vulnerability (computer or human).

Can they really remotely hack an iPhone? Or only if they get us to install an app that allows them access?

thanks again dc. bookmarked, big help phone has been blowing up all day, no sir the CIA can't suddenly tap your phone, i don't think they really care, and please don't call me with every piece of crap you happen to read on the internet.
-louie

There's no overlap or turf war with the NSA. The NSA does "signals intelligence", so they hack radios and remotely across the Internet. The CIA does "humans intelligence", so they hack locally, with a human. The sort of thing they do is bribe, blackmail, or bedazzle some human "asset" (like a technician in a nuclear plant) to stick a USB drive into a slot. All the various military, law enforcement, and intelligence agencies have hacking groups to help them do their own missions.

about two years ago there was something that was in fashion called "social" engineering", which was (touted, as human hacking, so instead of using a computer and an Algorithm, to crack a password, you would talk to a person a find out there dogs name and use that, there were competitions were you would get points, for types of info you got, from talking to a receptionist on the phone for 5 minutes, i found it all very compelling if you find it interesting like me look here http://www.social-engineer.org/
-louie v.

two years ago? Man, social engineering has been a thing for decades. I feel like Mitnick going to jail in the mid 90's is what pushed it into the mainstream. It's still one of the more common ways people get access to your stuff, if you are targeted.

Fun fact about the SE competitions: Women tend to absolutely dominate them, even complete novices. Also, women tend to be the most resistant to social engineering attacks.
I love throwing this factoid out when doing talks. It encourages people to experiment who may be novices, and it messes with poor that have poor understandings of gender equality :P

Anyway, I have taken to showing people this as an intro video to what Social Engineering is. It was shot at the 2015 SE competition area at DEFCON.
And I have absolutely used my own kids even worse shit, especially in person... (im an asshole, i know)

Rob (the author) has been hammering on the fact that the bulk of the attacks specifically require someone to plug a USB drive into your device.

He also loves to troll (he does it obviously, and isnt trolling in this case) and generally play the skeptic. It's great. But the reason I am saying all of this is to preface this magically little thing that unfolded yesterday:

Rob (the author) has been hammering on the fact that the bulk of the attacks specifically require someone to plug a USB drive into your device.

He also loves to troll (he does it obviously, and isnt trolling in this case) and generally play the skeptic. It's great. But the reason I am saying all of this is to preface this magically little thing that unfolded yesterday:

That is in his article, speaks to subjective "worry." Like, just because you aren't paranoid doesn't mean people aren't to get you ... har har har. The conspiracy theorists think the NSA is living in our Amazon Echo all day, so now they will think that a CIA agent is in the baby monitor, Nest thermostat and the remote-read RF water meter and is watching you on your home security system.

(But I still won't get an Echo. I also have electrical tape on the cams on my laptop and iMac. I'm not a drug dealer or a terrorist but I don't want people seeing me walk around naked. If the CIA or NSA has it, so do bad guys - that's my motto.)